package com.example.user_manage.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * 模拟前端页面的Controller
 */
@Controller
@EnableMethodSecurity
public class PageController {

    /**
     * 管理员才有权访问的接口
     * @return 管理员访问资源模拟
     */
    @PreAuthorize("hasRole('admin')")
    @GetMapping("/permission/admin")
    public @ResponseBody String admin(){
        return "管理员";
    }

    /**
     * 销售员有权访问的接口
     * @return 销售员访问资源模拟
     */
    @PreAuthorize("hasAnyRole('saler','admin')")
    @GetMapping("/permission/saler")
    public @ResponseBody String saler(){
        return "销售员";
    }

}
